@soluto-asurion/kamus-cli
v0.3.0
Published
CLI Tool to encrypt secrets for kamus
Downloads
24
Readme
Kamus CLI
This cli was created to provide an easy interface to interact with Kamus API.
It supports azure device flow authentication out of the box.
To install, use the following NPM command:
npm install -g @soluto-asurion/kamus-cli
Alternatively, you can use docker to run the CLI (for example, to run it inside the cluster when the encryptor is deployed without ingress):
docker run -it --rm soluto/kamus-cli encrypt <arguments>
Or, using kubectl:
kubectl run -it --rm --restart=Never kamus-cli --image=soluto/kamus-cli -- encrypt <arguments>
Supported commands:
Encrypt
kamus-cli encrypt --secret <data> --service-account <serviceAccount> --namespace <namespace> --kamus-url <kamus-url>
How to enable azure active directory authentication
You need working active directory tenant and designated native app registration, Then just set all the auth
prefixed options.
Once the user will run the cli with the auth options, he will get a small code and and azure URL to login into.
CLI options:
| Option | Required | Description | Default Value | | ------------------- | ------------ | ----------------------------------------------- | ------------- | | --auth-tenant | false | azure authentication tenant id | | | --auth-application | false | azure authentication application id | | | --auth-resource | false | azure authentication resource id | | | --cert-fingerprint | false | certificate fingerprint of encrypt api for validation | | | --kamus-url | true | url of kamus encrypt api | | | --allow-insecure-url | false | allow or block non https endpoints | false | | --log-level <debug|verbose|info|warn|error|fatal> | false | specify global logger level | | --log-flag <[no-](date|inline|colorful)> | false | the prefix no- represent negation. date: whether to print date. default value is false. inline: each log record output in one line. default value is false. colorful: whether to print with colors. default value is true. | --log-output | false | specify the output path (default behavior is output directory to stdout). | --log-encoding | false | specify the log file's encoding. | --secret or --secret-file | true | the secret to encrypt, or the file containing it | |